1. The Field of the Invention
The present invention relates to computer networking technology. More specifically, the present invention relates to mechanisms for applying flexible, selectable and granular policies regarding what authorities and statements are to be trusted.
2. Background and Related Art
Never before have so many had access to so much information, and never before have so many had the ability to readily communicate as they do now. This new era of highly advanced communication and information access is largely enabled by the advancement and proliferation of computer networks throughout the globe. Any individual having access to an Internet-enabled computing system may communicate with any one of millions of other similarly enabled computing systems (and potentially also their associated users). While this is certainly advantageous when behavior is appropriate, there is also the unfortunate opportunity to cause harm.
Accordingly, there is a need to ensure proper security to defend against inappropriate network communications while still permitting appropriate network communications. Authentication at least partially allows such a defense by allowing computing systems (or their associated users) to properly determine that the other computing system (or associated user) is indeed who they purport to be. A security protocol that enables such authentication includes, for example, Secure Socket Layer (SSL).
Conventionally, once a first computing system authenticates a second computing system, the first computing system still is not properly secure with respect to the second computing system. For example, the second computing system could still (in its own name) make statements that are not true, or which are true but without adequate assurances of their truth. Accordingly, the first computing system still makes the separate determination as to whether or not to trust the second computing system. In other words, the first computing system, despite believing that the second computing system is indeed the second computing system, still determines whether or not to trust the second computing system. This has conventionally been an all or nothing affair. For example, using SSL, once the second computing system has been identified, the first computing system either believes all statements that the second computing system makes appertaining to its corresponding Uniform Resource Identifier (URI) or it does not believe such statements.
Trust need not be an all or nothing affair. For example, one might trust a financial planner with respect to statements made on financial planning issues, but not with regard to statements made on child rearing. Often, making such distinctions in the human world results in better judgments. Accordingly, what would be advantageous would be mechanisms for expressing more flexible, selectable, and fine-grained control over what and who is to be trusted in the computer network so as to allow for more intelligent trusting.